
Description

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.

Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only).
Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only).
Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only).
Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater.
Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Status: PUBLISHED | Reserved 2026-04-16 | Published 2026-05-07 | Updated 2026-05-07 | Assigner: vmware

Severity: CRITICAL, base score 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

3.1.0 (custom) before 3.1.14: affected
4.1.0 (custom) before 4.1.10: affected
4.2.0 (custom) before 4.2.7: affected
4.3.0 (custom) before 4.3.3: affected
5.0.0 (custom) before 5.0.3: affected

References

spring.io/security/cve-2026-40982

cve.org (CVE-2026-40982)

nvd.nist.gov (CVE-2026-40982)
